Most of the concepts in this guide assume some familiarity with standard ServiceNow functionality. To integrate with
the Security Operations suite, at a minimum,
knowledge of the following ServiceNow
concepts is required:

Script includes

Inbound/outbound web services

Data sources

Import sets

Transform maps

Technology Partner Program

Any requirements for application certification or guidelines given in the Technology Partner
Program literature supersede any information in this guide. This guide is not a replacement for
the Technology Partner Program literature and serves only as a supplement to existing
documentation.

The Security Operations applications (Security Incident Response, Threat Intelligence, and Vulnerability Response) can be seamlessly integrated with other ServiceNow applications to enhance their functionality.

Many of the integrations included in the base system require little or no setup, and operate in the same way. Certain integrations, such as the Qualys Cloud Platform, however, require separate steps for setting up the integration. Others support different sets of scan and lookup types and different rate limits.

When data is imported from a third-party integration, the host information is searched automatically for matches in the CMDB. When a host ID match is found, it is used as the Configuration item field in the vulnerable item record. If a match is not found, or the host ID field is empty, the rules use the other host information to correctly identify the CI.